Table of Contents

Slackware64-13.0 ChangeLog (2017-08-11)

Fri Aug 11 23:02:43 UTC 2017

Packages

Upgraded

patches/packages/git-2.14.1-x86_64-1_slack13.0.txz
Fixes security issues:
A “ssh:…” URL can result in a “ssh” command line with a hostname that
begins with a dash “-”, which would cause the “ssh” command to instead
(mis)treat it as an option. This is now prevented by forbidding such a
hostname (which should not impact any real-world usage).
Similarly, when GIT_PROXY_COMMAND is configured, the command is run with
host and port that are parsed out from “ssh:…” URL; a poorly written
GIT_PROXY_COMMAND could be tricked into treating a string that begins with a
dash “-” as an option. This is now prevented by forbidding such a hostname
and port number (again, which should not impact any real-world usage).
For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000117
(* Security fix *)